Like an NT hash (AKA NTLM hash) and a Kerberos ticket, a Primary Refresh Token (PRT) can be passed in an attack. Mimikatz author Benjamin Delpy and Dirk-jan Mollema have both released detailed research and code showing how attackers could Pass-the-PRT to perform lateral movement to the cloud.
Here we take a brief look at what a PRT is and how cyber-criminals could exploit it to launch attacks.
Do you know how hackers can enter your system? Find out in the CQURE CyberBytes training and learn from Paula J where the points of entry to your infrastructure are.